The API status quo 


APIs make the world go around. 55% of global traffic on 
the Cloudflare network is APl-related. 


This means API endpoints must be tightly managed and 
secured. What’s more, API are now firmly in the sights of 
attackers--Cloudflare currently blocks a greater 
percentage of API traffic than web traffic. 


With APIs driving more business and representing an 
important attack vector, organizations must stay on top 
of many API challenges: 


Visibility into shadow APIs OWASP API top 10 
attacks 


API abuse 


Data exfiltration 


Managing endpoints 


Understanding API 
performance 


Many development teams push 
new APIs into production 
without notifying security or IT 
teams - leading to shadow APIs 


Security must account for the 
OWASP list of API security risks. 
API security and management 
tools must offer protection 


Cloudflare API Gateway keeps APIs secure and 
productive with API discovery, central API 
management and monitoring, and innovative, 
layered defenses. API Gateway is part of 
Cloudflare's application security portfolio that also 
stops bots, thwarts DDoS attacks, blocks 
application attacks and monitors for supply chain 
attacks. 


Attacks will often abuse and 
overwhelm APIs, necessitating 
new ways to throttle 
authenticated API sessions. 
Also, data must never be 


exposing the company to risk. 


Security needs tools to help 
discover and register these APIs 
to then properly secure and 
management them. 


against these attacks, including 
authentication and authorization 
issues, abuse (lack of 
resources), and improper assets 
management when lack of 
visibility and logging becomes 
an issue. 


1 888 99 FLARE | enterprise@cloudflare.com | www.cloudflare.com 


exfiltrated in the API response 
phase given APIs often share 
important, sensitive data. 
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API Gateway 


API Management 
API discovery Discovery of API endpoints in use. 


API management Centrally register and manage endpoints discovered or added to the central API endpoint 
console. 


API analytics Understand API performance: total requests, latency, error rate, and response size, etc. 


Integrated Application All application security (WAF, Bot Management, API security and management, Page Shield, 
Security mTLS,) is managed through an integrated console. 


Why Cloudflare API Gateway 


e Consolidated API management e Fully integrated into the e API Gateway customers also 
and API security in a single, Cloudflare Application utilize the Cloudflare Zero 
unified console, eliminating the Security portfolio that Trust portfolio, Workers 
need for separate API Gateways includes our WAF, Bot serverless and storage, and 
and API security tools. Management, Advanced our world-class performance 

Rate Limiting, Page Shield, portfolio. 


and DDoS protection. 


Cloudflare Leadership 


Organizations gain a more effective application security posture 
with the Cloudflare global network as their enterprise security 
perimeter. The Cloudflare application security portfolio has 
received numerous accolades for its strength and breadth. 
Gartner named Cloudflare a leader in the 2022 Gartner® Magic 
Quadrant™ for Web Application and API Protection (WAAP). 
Gartner also named the Cloudflare WAF a 2022 Customer's 
Choice. Frost & Sullivan recognized Cloudflare as an Innovation 
Leader in the 2020 Global Holistic Web Protection while IDC 
and Forrester named the company a 2021 DDoS leader. 


Gartner 


Peer Insights 
Customers’ 
Choice 2022 
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